Date: Fri, 26 Oct 2001 09:54:58 -0400
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
To: "Jose M. Alcaide" <jose@we.lc.ehu.es>, stable@FreeBSD.ORG
Subject: Re: login(1) now forks the shell instead of exec'ing it ?
Message-ID: <17070000.1004104497@vpn68.ece.cmu.edu>
In-Reply-To: <20011026154851.B378@v-ger.we.lc.ehu.es>
References: <20011026154851.B378@v-ger.we.lc.ehu.es>
On Friday, October 26, 2001 15:48:51 +0200, "Jose M. Alcaide" <jose@we.lc.ehu.es> wrote:
+-----
| Why is that fork() needed? I cannot see why pam_end() is not being called
| from the login process context, instead of forking a child process for
| exec'ing the shell while the parent is left waiting for it and exits
| immediately when its child finishes. Just wondering.
+--->8

Consider what happens if the PAM session hook acquires and releases network
credentials (AFS/Arla tokens in particular, but some sites like to clean up
Kerberos tickets on logout as well); if login simply does a PAM_END and
exec()s the shell then they don't stick around. (Linux PAM's login had this
bug a few years ago; it was really annoying.) The session close hook
(invoked by the PAM_END macro) must be called after the session exits, not
before it even starts (from the user's standpoint), so login has to stick
around until the user's shell goes away.

-- 
brandon s. allbery     [os/2][linux][solaris][freebsd]     allbery@kf8nh.apk.net
system administrator   [JAPH][WAY too many hats]           allbery@ece.cmu.edu
electrical and computer engineering                        KF8NH
carnegie mellon university   [linux: proof of the million monkeys theory]
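Added example, not part of the original e-mail and not FreeBSD's login(1) code: a small C model of the two orderings discussed above. The functions session_open() and session_close() are hypothetical stand-ins for a PAM module's session hooks, and the token file is a constructed placeholder for an AFS token or Kerberos ticket cache.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static char token[64];                  /* constructed credential path */

/* Hypothetical open hook: acquire the credential (an empty 0600 file). */
static void session_open(void) {
    snprintf(token, sizeof token, "/tmp/demo_token.%ld", (long)getpid());
    int fd = open(token, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
}

/* Hypothetical close hook: release the credential. */
static void session_close(void) { unlink(token); }

/* Start the "user's shell" as a child; 1 if the credential is visible to it. */
static int shell_sees_token(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", "test -e \"$1\"", "sh", token, (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* A login that exec()s the shell in place has nothing left running after
 * the shell, so it can only call the close hook before the shell starts. */
int close_before_shell(void) {
    session_open();
    session_close();
    return shell_sees_token();
}

/* Fork model: the parent outlives the shell and closes the session after. */
int close_after_shell(void) {
    session_open();
    int seen = shell_sees_token();
    session_close();
    return seen;
}

/* 1 if the credential is gone once the session has ended. */
int token_removed(void) { return access(token, F_OK) != 0; }

int main(void) {
    printf("close, then shell: credential visible = %d\n", close_before_shell());
    printf("shell, wait, close: credential visible = %d\n", close_after_shell());
    printf("credential removed at logout = %d\n", token_removed());
    return 0;
}
```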
